package zzu.mxd.config.interceptors;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import zzu.mxd.utils.HttpClient;
import zzu.mxd.utils.RedisUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


/**
 * Created by zwl on 2018/11/11.
 * May god bless me
 */
@Component
public class ExceptLoginInterceptor implements HandlerInterceptor {
    @Autowired
    private HttpClient httpClient;
    @Autowired
    private RedisUtils redisUtils;
    @Value("${spring.security.timeOutMilliSeconds}")
    private long timeOutMilliSeconds;
    //这个方法是在访问接口之前执行的，我们只需要在这里写验证登陆状态的业务逻辑，就可以在用户调用指定接口之前验证登陆状态了
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String stamp = request.getParameter("timeStamp");


        String userId = request.getParameter("userId");
        String token = request.getParameter("token");
        String openId;
        if(stamp!=null&&!stamp.equals("")){
            //转化
            Long timeStamp=Long.parseLong(stamp);
            //检测时间
            if (timeStamp - System.currentTimeMillis() <= timeOutMilliSeconds) {
                //检测UserId
                if (userId != null && !userId.equals("")) {

                    openId = httpClient.getOpenId(request, response);
                    if(openId!=null){
                        //检测OppId
                        if (openId.equals(redisUtils.get(userId + "openId"))) {
                            //检测token
                            if (token.equals(redisUtils.get(userId + "token"))) {
                                return true;
                            } else {
                                response.sendError(300, "非法请求");
                                return false;
                            }
                        } else {
                            response.sendError(300, "非法微信端请求");
                            return false;
                        }
                    }else {
                        response.sendError(300, "获取不到openID");
                        return false;
                    }

                } else {
                    response.sendError(300, "不存在的用户");
                    return false;
                }
            } else {
                response.sendError(300, "请求超时");
                return false;
            }
        }else {
            response.sendError(300, "时间参数获取错误");
            return false;
        }


    }

    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable ModelAndView modelAndView) throws Exception {
    }

    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
    }

}